Thursday, February 22, 2018

Question on RADIUS auth for Cisco switches

I've got a bunch of 2960Xs running 15.2(2)E3.

When looking in their configs related to setting up RADIUS authentication for administrative logins, I see servers specified at two places in the config and I'm confused as to how they relate to each other. Can someone explain how a radius server group, which is specified near the top of the config with

aaa group server radius <name> <ip1> <ip2> <ip3> 

Relates to the entries at the bottom of the config, where I've got

radius-server host <ip1> key 7 *hash1* radius-server host <ip2> radius-server host <ip3> key 7 *hash2* radius-server key 7 *hash2* 

I appreciate any insight people can give.



No comments:

Post a Comment